Whitelist ports - or am I thinking this wrong?

Started by lar.hed, July 25, 2020, 07:20:25 PM

On my old ASUS router I had the "pleasure" of setting up the LAN to WAN filter table to only allow whitelisted ports of traffic. I ended up with port 80 and 443 (and two servers had specific ports open due to streaming and downloading music/movie information on odd ports - never mind that). My ASUS router had DoT set up for DNS, and NTP running, so that all clients were forced to connect to the gateway in the ASUS router for DNS and NTP requests. Anyway, I found that good, and liked that.

In the OPNsense installation anything goes out (and in my case nothing is opened in the firewall, I use no VPN service, nor do I have any web server for external users) - and I am thinking of my old whitelist setup in the ASUS router.

So how do I do this in my OPNsense installation? Floating rules that allow only 80 and 443 and block the rest, I guess, but then I need at least 853 for Unbound plus DoT, and 123, I think, for NTP? Right?

Or am I doing this the wrong way? Any better solution out there that I am not aware of?
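For reference, here is the egress allowlist the post describes written out as a plain pf(4) ruleset. This is an added example, not something from the thread or from OPNsense's own generated rules; in OPNsense the same policy would be built as LAN-interface rules (first match wins, "quick" is the default) plus NAT port forwards in the GUI. The interface names, the LAN subnet and the firewall's LAN address are assumptions made up for the illustration. Note that LAN clients only ever need 53 and 123 to the firewall itself; port 853 is the firewall's own upstream DoT connection from Unbound, so it belongs to the firewall's egress, not to the client allowlist.

```pf
# Added example: pf(4) ruleset for a LAN egress allowlist with forced
# local DNS/NTP. Not OPNsense-generated config; names below are assumptions.
lan_if  = "igb1"             # assumption: LAN interface
wan_if  = "igb0"             # assumption: WAN interface
lan_net = "192.168.1.0/24"   # assumption: LAN subnet
fw_lan  = "192.168.1.1"      # assumption: firewall LAN address (Unbound and NTP listen here)

set skip on lo0
scrub in all

# Default deny, both directions and both address families. Because no
# IPv6 pass rule exists below, dual-stack clients cannot sidestep the
# allowlist over v6.
block log all

# Translation happens before filtering, so the pass rules further down
# see the translated addresses.
nat on $wan_if inet from $lan_net to any -> ($wan_if)

# Force clients onto the gateway's resolver and time source even when a
# client is hard-coded to a public DNS or NTP server: redirect the ports.
rdr on $lan_if inet proto { tcp udp } from $lan_net to ! $fw_lan port 53  -> $fw_lan port 53
rdr on $lan_if inet proto udp         from $lan_net to ! $fw_lan port 123 -> $fw_lan port 123

# LAN client policy. "quick" stops evaluation at the first match, so
# the order here is the policy: local DNS/NTP, web, then block the rest.
pass in quick on $lan_if inet proto { tcp udp } from $lan_net to $fw_lan port { 53 123 } keep state
pass in quick on $lan_if inet proto tcp from $lan_net to any port { 80 443 } flags S/SA keep state
block in log quick on $lan_if from $lan_net    # explicit, so denied egress shows up in the log

# The firewall's own egress: Unbound's DoT upstream (853), its NTP
# client, and forwarded client traffic that already passed the LAN rules.
pass out quick on $wan_if inet proto tcp from ($wan_if) to any port { 80 443 853 } flags S/SA keep state
pass out quick on $wan_if inet proto udp from ($wan_if) to any port 123 keep state
```

Check the syntax with `pfctl -nf <file>` before loading anything, and expect the redirected DNS/NTP traffic to match the first LAN pass rule, since pf filters on the post-redirect destination ($fw_lan). The one thing this ruleset does not solve is a client speaking DoT or DoH itself: 853 from the LAN is blocked here, but DoH rides on 443 and looks like any other HTTPS flow, so "forced local DNS" is only as strong as the clients' willingness to use plain port 53.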